The cybersecurity researchers have recently detected a data breach of Juspay’s servers. And according to the experts’ report, in this data breach, nearly 10 Crore of debit and credit cardholders’ data was compromised and the threat actors have leaked them on Dark Web.
Later, this news was confirmed by one of the cybersecurity researchers, Rajaharai; he affirmed that nearly 10 crores of debit and credit cardholders in the country are being sold for an anonymous amount on the Dark Web.
However, the data that has been leaked reportedly carries full names, phone numbers, and email addresses of every cardholder; not only this but the hackers also have the first and last four digits of their cards.
Juspay’s response on this breach
The security experts of Juspay has initially offered a software development kit (SDK) for app creators so that they can integrate its services properly. The experts also asserted that it calculates all major Indian and international tech firms like Amazon, Airtel, Swiggy, Vodafone, Uber, Cred, Ola, and Flipkart.
The spokesperson of Juspay stated that “emails containing all kinds of subset along with mobile information got leaked with 10 crore transactions.” However, the spokesperson of Juspay also added by saying that “the hackers from the infamous ‘ShinyHunters’ group had obtained access to one of Juspay’s developer keys and was generating new calculation servers in the developer account.”
According to the experts, the data that got leaked are mentioned below:-
- Full card numbers
- Phone Numbers
- Email Address
- Order information
- Card PINs
Poor Track Record of India in Cybersecurity
India has suffered many cyber attacks in the year 2020; according to the Ministry of Electronics and Information Technology (MeitY), Indian citizens, business, and legal entities have suffered 7 Lakh cyber attacks till August 2020.
Rather than BigBasket, many firms in India suffered these cyber attacks like Google-backed hyperlocal delivery platform Dunzo, restaurant chain owner Haldirams, edtech platform Edureka, online tour marketplace RailYatri.
Not only this, but the hackers have also attacked the personal website of Prime Minister Narendra Modi, who has suffered data breaches in 2020. According to the report, some data of these websites are being consequently leaked on the dark web and are available for purchase as well.
The data was being sold on the Dark Web for an undisclosed amount through Bitcoin. But, Juspay has mentioned that it has made significant investments in security and data governance, and its plans are adjusted to globally trusted data protection standards.